Privacy Policy

This Privacy Policy applies to all users of the RipeSpot platform, including real estate developers, government housing agency users, vendors, and other professionals who access the Service. By using RipeSpot, you consent to the practices described in this Privacy Policy.

This Policy should be read together with our Terms of Service. Terms not defined here have the meanings given to them in the Terms of Service.

We collect the following categories of information:

Account Information

• Email address and password (stored as a secure hash)
• Full name and organization name
• Professional title and phone number (if provided)
• Account creation date and last login

Project and Business Data

• Project names, addresses, descriptions, and status information
• Deal pipeline data including addresses, prices, and projected returns
• Financial data entered into pro forma tools and financial analysis features
• LIHTC compliance checklist entries and notes
• Zoning lookup search queries and results viewed
• PILOT analysis inputs and outputs
• HOME and HTF compliance data
• Team member information (names, emails, roles)
• Task assignments, deadlines, and notes

Uploaded Documents

• Files and documents uploaded to the Document Repository (PDFs, Word documents, spreadsheets, images)
• File names, sizes, upload dates, and folder categorization
• Notes and metadata associated with uploaded documents

Payment Information

• Subscription plan and billing history
• Payment method details (credit card number, expiration, CVV — collected and stored exclusively by Stripe; we do not store raw card data)
• Billing address
• Stripe customer ID and subscription ID

Vendor Marketplace Data

• Vendor company information, contact details, and professional bios
• Vendor type, certifications (DBE, MBE, WBE, etc.), and service areas
• Project listings posted by developers
• Bid submissions including proposal text and fee amounts
• Bid status and award decisions

Usage and Analytics Data

• Pages visited and features used within the platform
• Time and duration of sessions
• Browser type, device type, and operating system
• IP address and approximate geographic location (country/state level)
• Clickstream data and interaction events
• Error logs and performance data

Communications

• Support requests and correspondence with RipeSpot
• Feedback and survey responses

We use the information we collect to:

• Provide, operate, maintain, and improve the RipeSpot platform and all its features
• Authenticate your identity and maintain the security of your account
• Process payments and manage your subscription
• Display your projects, documents, and data within the platform
• Send transactional emails (account confirmation, password reset, invoice receipts)
• Send service-related notifications (new project bids, bid status updates, team task assignments, deadline reminders)
• Send product updates, feature announcements, and relevant platform news (you may opt out)
• Respond to your support requests and inquiries
• Monitor platform usage, diagnose technical issues, and improve performance
• Detect, prevent, and address fraud, abuse, and security incidents
• Comply with applicable legal obligations
• Enforce our Terms of Service

We do not use your User Content or project data to train AI models, develop competing products, or for any purpose other than providing and improving the Service.

Database: Your account information, project data, and all structured data is stored in Supabase, a managed PostgreSQL database service. Supabase is built on Amazon Web Services (AWS) infrastructure. Your data is stored in data centers located in the United States. Supabase implements encryption at rest and in transit for all data.

File Storage: Uploaded documents and files are stored in Supabase Storage, which uses AWS S3 (Simple Storage Service) as the underlying storage layer. All files are encrypted at rest using AES-256 encryption and transmitted over HTTPS/TLS.

Application Hosting: The RipeSpot web application is hosted on Vercel, a cloud platform for Next.js applications. Vercel operates data centers in multiple regions including the United States.

Data Access Controls: We implement Row Level Security (RLS) policies at the database level to ensure that each user can only access their own data. Our storage system enforces user-scoped folder permissions so that uploaded files are only accessible to the account that uploaded them.

We use the following third-party service providers to operate the RipeSpot platform. Each provider has its own privacy policy governing their use of data:

We do not sell your personal information to any third party, advertising network, or data broker. We will only share your information with third parties as described in this Privacy Policy or with your explicit consent.

We share your information only in the following circumstances:

• Service providers: With the third-party providers listed above, solely to provide the Service
• Vendor Marketplace: When you register as a vendor, your company profile (name, type, certifications, service areas, bio, and contact information) is displayed to other authenticated users in the vendor directory. You control what information you include in your profile.
• Legal requirements: If we are required to disclose information by applicable law, regulation, court order, subpoena, or other legal process, we will comply after providing you notice where legally permitted to do so
• Protection of rights: To enforce our Terms of Service, protect the rights, property, or safety of RipeSpot, our users, or the public
• Business transfers: In connection with a merger, acquisition, asset sale, or other business transaction, in which case we will notify you before your personal information is transferred and becomes subject to a different privacy policy
• With your consent: For any other purpose with your explicit consent

We do not sell, rent, lease, or otherwise disclose your personal information to third parties for their marketing or advertising purposes.

You have the following rights with respect to your personal information:

• Access: You may request a copy of the personal information we hold about you
• Correction: You may update or correct inaccurate information directly in your account settings, or by contacting us
• Export: You may export your project data and uploaded documents at any time through the platform. Following account termination, your data remains available for export for 30 days.
• Deletion: You may request deletion of your account and associated personal information by contacting us at steven@ripespotdevelopment.com. Note that we may retain certain information as required by law or for legitimate business purposes (e.g., billing records).
• Opt-out of marketing: You may opt out of marketing and non-transactional emails at any time by clicking the unsubscribe link in any marketing email, or by contacting us. You will continue to receive transactional emails necessary to operate your account.
• Data portability: You may request your data in a structured, machine-readable format

To exercise any of these rights, please contact us at steven@ripespotdevelopment.com. We will respond to your request within 30 days.

RipeSpot uses cookies and similar tracking technologies to operate and improve the platform. A cookie is a small text file stored on your device by your browser.

Types of cookies we use:

• Essential cookies: Required for the platform to function. These include authentication session cookies that keep you logged in and security cookies that prevent cross-site request forgery. These cannot be disabled without breaking the platform.
• Functional cookies: Remember your preferences and settings (such as display preferences and filters) to improve your experience.
• Analytics cookies: Help us understand how users interact with the platform so we can improve features and fix issues. We use privacy-respecting analytics tools.

Most browsers allow you to control cookies through their settings. However, disabling essential cookies may prevent you from logging in or using core platform features.

We do not use third-party advertising or tracking cookies. We do not share cookie data with advertising networks.

We retain your personal information for the following periods:

• Active accounts: We retain your data for as long as your account is active or as needed to provide the Service
• After account closure: User Content is available for export for 30 days, then deleted from active systems. Backups are purged within 90 days of the 30-day export period.
• Payment records: Billing and transaction records are retained for 7 years as required by applicable tax and financial recordkeeping laws
• Legal holds: We may retain information for longer periods if required by a legal hold, litigation, or regulatory inquiry
• Anonymized analytics: Aggregated, de-identified analytics data may be retained indefinitely

We implement industry-standard technical and organizational security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction, including:

• All data transmitted to and from the platform is encrypted using TLS 1.2 or higher (HTTPS)
• Data stored in our database is encrypted at rest using AES-256 encryption
• Uploaded files are stored in encrypted, access-controlled object storage
• Database Row Level Security (RLS) policies ensure strict data isolation between users
• User-scoped storage policies prevent cross-user file access
• Passwords are hashed using bcrypt before storage — we never store plaintext passwords
• Authentication is managed through Supabase Auth with secure session handling
• Payment card data is processed exclusively by Stripe and never transmitted to or stored on our servers
• Access to production systems is restricted to authorized personnel only
• We conduct regular security reviews of our infrastructure and code

While we take these precautions, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. In the event of a security breach that affects your personal information, we will notify you as required by applicable law.

RipeSpot is a professional platform intended exclusively for use by adults aged 18 and older. We do not knowingly collect, solicit, or maintain personal information from individuals under the age of 18.

If you are under 18, you are not permitted to use RipeSpot or create an account. If we become aware that we have inadvertently collected personal information from a person under 18, we will promptly delete that information from our systems.

If you believe that we have collected personal information from a child under 18, please contact us immediately at steven@ripespotdevelopment.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes to this Policy, we will:

• Update the “Effective Date” at the top of this Policy
• Send an email notification to your account email address
• Display a prominent notice within the RipeSpot platform

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Policy periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We will respond to all privacy inquiries within 30 days of receipt.